Hetzner Firewall
When you run a server, you should have at least some security measures in place, and a firewall is one of them. Hetzner provides a firewall on the switch in front of your dedicated server, so unwanted traffic can be dropped before it even reaches the server.
Since I run a web, DNS, mail and SSH server on this hardware, we'll create the following rules (an empty cell means "any"):
| # | Name | Source IP | Destination IP | Source port | Destination port | Protocol | TCP flags | Action |
|---|---|---|---|---|---|---|---|---|
| #1 | SSH | | | | 22 | tcp | | accept |
| #2 | DNS TCP | | | | 53 | tcp | | accept |
| #3 | DNS UDP | | | | 53 | udp | | accept |
| #4 | HTTP | | | | 80 | tcp | | accept |
| #5 | HTTPS | | | | 443 | tcp | | accept |
| #6 | SMTP | | | | 25 | tcp | | accept |
| #7 | SMTP TLS | | | | 587 | tcp | | accept |
| #8 | IMAP TLS | | | | 993 | tcp | | accept |
| #9 | POP3 TLS | | | | 995 | tcp | | accept |
| #10 | Out | | | | 32768-65535 | tcp | ack | accept |
Please make sure that you can access your server with SSH before applying these rules!
The last rule is important when you need to access the internet from your server, for example to update it: it lets the replies to the server's own outgoing TCP connections (ACK packets to the ephemeral port range) back in.
Since the firewall's default rule is deny, we only need to allow legitimate traffic. When you are completely sure you can still access the server after applying the rules, you can enable the firewall in the web interface. It takes about 30 seconds for the rules to be applied.
Unfortunately Hetzner doesn't support more than 10 rules, which you'll use up pretty fast, so keep that in mind when creating rules.
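To see what the table above actually does to a given packet, here is a small evaluator, added as an example and not code from the original post or from Hetzner. It models the rule set as inbound-only, stateless and first-match-wins with a default-deny fallthrough (that model, the 10-rule budget check, and the IP addresses are assumptions of this example, not something the post specifies), and it shows why rule #10 is what admits replies to the server's own outbound connections.

```python
"""Stateless, first-match evaluator for the inbound rule set listed above.

Added example, not code from the original post. The firewall model
(inbound only, stateless, rules checked in order, no match => deny) is an
assumption of this example; the ten rules are the ones from the table.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

MAX_RULES = 10  # rule limit the post mentions for the Hetzner firewall


@dataclass(frozen=True)
class Rule:
    number: int
    name: str
    action: str                                 # "accept" or "deny"
    src_ip: Optional[str] = None                # None means "any"
    dst_ip: Optional[str] = None
    src_port: Optional[tuple[int, int]] = None  # inclusive range, None = any
    dst_port: Optional[tuple[int, int]] = None
    protocol: Optional[str] = None              # "tcp", "udp" or None = any
    tcp_flags: frozenset[str] = frozenset()     # flags that must all be set


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: str
    tcp_flags: frozenset[str] = frozenset()


# The ten rules from the table (empty table cells = any).
RULES = [
    Rule(1, "SSH", "accept", dst_port=(22, 22), protocol="tcp"),
    Rule(2, "DNS TCP", "accept", dst_port=(53, 53), protocol="tcp"),
    Rule(3, "DNS UDP", "accept", dst_port=(53, 53), protocol="udp"),
    Rule(4, "HTTP", "accept", dst_port=(80, 80), protocol="tcp"),
    Rule(5, "HTTPS", "accept", dst_port=(443, 443), protocol="tcp"),
    Rule(6, "SMTP", "accept", dst_port=(25, 25), protocol="tcp"),
    Rule(7, "SMTP TLS", "accept", dst_port=(587, 587), protocol="tcp"),
    Rule(8, "IMAP TLS", "accept", dst_port=(993, 993), protocol="tcp"),
    Rule(9, "POP3 TLS", "accept", dst_port=(995, 995), protocol="tcp"),
    Rule(10, "Out", "accept", dst_port=(32768, 65535), protocol="tcp",
         tcp_flags=frozenset({"ack"})),
]


def _in_range(rng: Optional[tuple[int, int]], value: int) -> bool:
    return rng is None or rng[0] <= value <= rng[1]


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field the rule specifies agrees with the packet."""
    if rule.src_ip is not None and rule.src_ip != pkt.src_ip:
        return False
    if rule.dst_ip is not None and rule.dst_ip != pkt.dst_ip:
        return False
    if rule.protocol is not None and rule.protocol != pkt.protocol:
        return False
    if not _in_range(rule.src_port, pkt.src_port):
        return False
    if not _in_range(rule.dst_port, pkt.dst_port):
        return False
    # Flag requirements only apply to TCP; every required flag must be set.
    if rule.tcp_flags and (pkt.protocol != "tcp" or not rule.tcp_flags <= pkt.tcp_flags):
        return False
    return True


def evaluate(rules: list[Rule], pkt: Packet) -> tuple[str, Optional[int]]:
    """Walk the rules in order; the first match wins. No match => default deny."""
    if len(rules) > MAX_RULES:
        raise ValueError(f"at most {MAX_RULES} rules are supported, got {len(rules)}")
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.number
    return "deny", None


if __name__ == "__main__":
    # Constructed sample addresses from the documentation ranges (assumption).
    SERVER, CLIENT = "203.0.113.10", "198.51.100.7"
    cases = [
        ("SSH connection from a client", Packet(CLIENT, SERVER, 51515, 22, "tcp", frozenset({"syn"}))),
        ("connection to an unlisted port", Packet(CLIENT, SERVER, 51515, 8080, "tcp", frozenset({"syn"}))),
        ("SYN-ACK reply to the server's outbound HTTPS request", Packet(CLIENT, SERVER, 443, 40000, "tcp", frozenset({"syn", "ack"}))),
        ("unsolicited SYN to an ephemeral port", Packet(CLIENT, SERVER, 443, 40000, "tcp", frozenset({"syn"}))),
        ("UDP reply to the server's own DNS query", Packet(CLIENT, SERVER, 53, 40000, "udp")),
    ]
    for label, pkt in cases:
        action, num = evaluate(RULES, pkt)
        print(f"{label}: {action}" + (f" (rule #{num})" if num else " (default rule)"))
```

The third and fourth cases are the point of rule #10: a reply to a connection the server opened carries the ACK flag and lands on an ephemeral port, so it is accepted, while a fresh SYN to the same port is dropped because the flag requirement is not met. The last case shows a consequence of the table as written under this stateless model: rule #10 only covers TCP, so a UDP answer to a query the server sent out (its own resolver, for instance) matches nothing and falls through to the default deny.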